DW: One of the things you may want to think about when you’re starting to set out your relationship with your client is how you are going to explain to them the types of technology you use, and how the technology that you use will impact their information and their communications with you.

PB: The first thing a lawyer or a paralegal should consider is, “Am I going to use an engagement letter or a retainer letter?”, and the answer is, yes you should. It is the contract that you have that sets out what is expected of you and the client, and how that whole relationship is going to be treated.

DW: One of the debates that seems to arise is, “Do I really need to tell my clients about the technology I’m using?” You’re wondering, “Isn’t that the same as describing where I keep my money in my bank account and other aspects of my practice? What do you think about that?”

PB: Those are all things that you don’t necessarily want to share with your client. For example, how often do I restock the photocopier, how often do I buy new technology, and how up to date are my computers? Those are things that I don’t think you should necessarily share with a client. It is more reasonable that your client is going to want to know where their confidential information is going to be stored, how you are going to communicate with them, if you will be sending them emails, if you use a service like Gmail and the cloud, and if you have your own server-based email with your own domain. I think those are all important information for a client to have so that they can make a choice and/or possibly opt out of that means of communication.

DW: It seems that if you are trying to be clear about roles, obligations, and what the risks are, that you want to include that. There are a couple of choices. One, you can leave it out, and I wouldn’t recommend leaving out the discussion. But even if you decide to put it in, you really have two choices: one is to say, “These are the technologies that I use in my practice. I have developed my practice around using these technologies and either you are willing to have me use these technologies, or you won’t be able to have me as your lawyer.” The other way is to say, “I have all these technologies, but I also have another way to do some of these things. If you want to opt out of some of these elements, I can allow you to do so and we can work out different ways for me to communicate with you rather than using email, for example, or other ways to deal with your information.”

PB: It is the client’s confidential information that you are storing. You are responsible for its confidentiality. One of the things that they will want to know is where the information is going to be stored. Is it in a bucket in your office? Is it in a safe? Is it electronically kept somewhere else?

DW: It seems fair to say that the client should be able to choose. They may be uncomfortable, for example, with having their information moving from country to country or being stored on servers in a particular country. And I don't know that there’s really any good or bad country from that perspective, but there may be in particular cases, or particular matters, that there are certain countries where you don’t want to store your information. Letting the client know to the extent that you yourself are able to know where the information is being stored – that would be helpful.

PB: And you bring up two points: (1) do you know where that information is going to be stored? I know with some law firms and lawyers and paralegals, the cloud service that they use may just be a front for a hosting service somewhere else. They may not have the information themselves; they may be renting space on servers in California or New York or England or someplace else.

DW: If you use a service like Dropbox for example, which seems to be one of the common ones that you find lawyers using, there is a good chance that all of your information is actually being stored in the United States. So you have to have that discussion, or at least explain to your client. But that is a best case scenario, because you can find that information directly from Dropbox. With Google, if you ask them where their servers are, they won’t necessarily tell you where the servers are and which ones you’re using. If that is going to be a concern with your client in a particular matter, it is better to have that discussion up front than at the end when the client is complaining.

PB: The second point is you might have a client who has a particular sensitivity with the country that your information is going to be stored in. For example, they may have assets in the US, or maybe they are under investigation in the US, and they will not want you to store their confidential information in that country’s servers.

DW: Another thing to think about is how it is stored. What sort of encryption is applied to it? How is the information taken care of? How would you share that information with a client?

PB: I would want the client to know whether or not the information was encrypted by a third party. For example, if I sent my information into a practice-management software system in the cloud, and the information, although it’s encrypted both on the way to that third party and on their site, there is no doubt that if they were subject to some sort of search warrant, they would give up that information. The other thing the client might want to know is if you are going to pre-encrypt that information before you upload it into the cloud. That is fair to put in a retainer agreement.

DW: It will be tricky to include in an engagement letter - not to get too technical into the details - which might also change based on whether you change services in the middle of the matter. Those sorts of details may change too.

PB: Right. So how the information is stored might be one thing you want to tell them. Also, how you’re going to access that information later. For example, if the file is closed will they still be able to access that information if it is stored someplace? Are there any costs associated with recovering that information? Those are important points to put in a retainer agreement as well.

DW: Yes, and some of this you may not know, or it may change over time. But if you have an opportunity, and if you’ve really done your work as you’re setting up the technologies that you’re using in your practice, you probably have a sense of what these costs or what the considerations would be that you can incorporate. While you may not be able to give your client every detail, you can give them a sense of the scope of how you are using technology.

PB: Right. And the retainer agreement does not necessarily have to be boilerplate. Depending on the client that you have, you can be flexible and change certain parts of it as you go, depending on the client’s needs.

DW: That’s a great point.

PB: The key to this whole thing is client communication; it’s engagement; it’s their understanding of what the relationship they have with a lawyer or paralegal is.

DW: There is a spectrum; some may be reluctant, either because of the matter or because of their own technological skills, to use the technology or to agree to use it in the way that you want to. But you will also find clients at the other end who will really appreciate the technology that you’re using, the productivity gains that you’re getting out of it, and the ability for you to share with them using things like file sharing online or other tools that are built in to case management products so that they can stay up to date on the information that’s going on in their matter, without having to contact you.

PB: It is a good idea to tell the client that you are using this technology, and it is going to reduce your costs. You will be more efficient. You are using technology, one of the requirements lawyers and paralegals have. It is also a good idea to tell them what your destruction policy is.

DW: Yes. You should spell out how you’re going to do that. If you have all of this electronic data stashed out there, what are you going to do with it when the matter is over and how are you going to store it? Are you going to pull it down off of cloud servers if that is where you have it stored? Or if you have it in your office, are you going to delete it off of hard drives?